What is claimed is: 



h 



1 1 . A method, comprising: 

2 storing, by a client, at least one first certificate from an authorizer; 

3 storing, by the client, a universal resource identifier (URI) associated 

4 with both the at least one first certificate and a third party; 

5 providing, by the client to the third party, at least one second certificate 

6 and the universal resource identifier (URI); and 

7 providing, by the client to the authorizer, the at least one first certificate, 

8 upon the authorizer accessing the universal resource identifier (URI); 

9 wherein the client retains control over the third party's use of the first 
10 certificate. 

1 2. The method as recited in claim 1 , further comprising: 

2 providing, by the client to the third party, a third certificate with a short- 

3 term usage, upon demand by the authorizer. 

1 3. The method as recited in claim 2, wherein the third certificate is a one- 

2 time use certificate. 

1 4. The method as recited in claim 1, further comprising: 

2 authenticating, by the client, the authorizer, upon the authorizer accessing 

3 the universal resource identifier (URI). 

1 5. The method as recited in claim 1 , further comprising: 

2 limiting, by the client, the third party's use of the first certificate. 

1 6. The method as recited in claim 1 , further comprising: 

2 tracking, by the client, the third party's use of the first certificate. 

1 7. The method as recited in claim 1, wherein the contents of the first 

2 certificate are not revealed to the third party. 
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8. The method as recited in claim 1, further comprising: 

revoking, by the client, the first certificate, upon the authorizer accessing 
the universal resource identifier (URI). 

9. A machine-accessible medium having associated content capable of 
directing the machine to perform a method comprising: 

receiving, by a client, a first certificate from an authorizer; 

generating, by the client, a universal resource identifier (URI) associated 
with both the at least one first certificate and a third party; 

providing, by the client to the third party, a second certificate and the 
universal resource identifier (URI); and 

providing, by the client to the authorizer, the first certificate, upon the 
authorizer accessing the universal resource identifier (URI), upon the third party 
providing the second certificate and universal resource identifier (URI) to the 
authorizer. 



10. The machine-accessible medium recited in claim 9, wherein the third 
party provides the second certificate and universal resource identifier (URI) to 
the authorizer in an extensible Markup language (XML) signature. 

1 1 . The machine-accessible medium recited in claim 10, wherein the first 
and second certificates are Simple Public Key Infrastructure (SPKI) certificates. 

12. The machine-accessible medium recited in claim 9, further comprising: 
granting, by the authorizer, access to the third party. 

13. The machine-accessible medium recited in claim 9, further comprising: 
tracking, by the client, at least one use of the second certificate. 

14. The machine-accessible medium recited in claim 9, further comprising: 
revoking, by the client, the second certificate. 
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15. A data signal, comprising: 

a second digital certificate issued from a client to a third party; and 

an universal resource identifier (URI) capable of retrieving a first digital 

certificate from a database associated with the client, wherein the first digital 

certificate issued from an authorizer to the client. 

16. The data signal recited in claim 1 5, wherein the second digital certificate 
grants less power than the first digital certificate. 

1 7. The data signal recited in claim 1 5, wherein the first and second digital 
certificates are Simple Public Key Infrastructure (SPKI) certificates. 
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